Is there a way to limit bandwidth usage to the origin?

If not, what is the typical max bandwidth Cloudflare will send to a single origin server…?


There is not a way; it depends on traffic and cache ratio.

There is not a max bandwidth; it will try to use up the whole connection. I have seen 1Gbps to the origin for a single user if that user can deal with it and the server/network conditions allow for it.

So, if our physical server connection is 1Gbps it is unlikely to try and push more than this through to the server?

I.e., if a DDoS attack manages to get through the edge, could it push greater than 1Gbps through to the server?

Let’s start from the beginning here: usually Cloudflare is used to proxy content downloads (so outbound bandwidth is higher than inbound, by a lot usually). So it’s your server that limits single downloads to the 1Gbps total maximum. It’s really hard to get a 1Gbps load inbound, especially if things are cached correctly. This obviously depends on the traffic, especially if not static.

A DDoS is the opposite: inbound bandwidth is as high as it can be, so if someone tries to reach your server (and for some strange reason the automatic detection of Cloudflare doesn’t see it) with tons of high-payload requests and the response is not cached, that traffic will be passed to your server, which would need to cope with it. Cloudflare has tens of Tbps of bandwidth, so they could theoretically hammer you (they won’t, obviously, but if someone passes through, Cloudflare won’t be the limiting factor).

If you set up caching correctly (Cache-Control headers and possibly a Page Rule), nothing should get back to you unless you have POST and/or dynamic content.
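An added example, not part of the thread above: a small origin-side audit that estimates which requests would pass through to the origin and whether their inbound volume exceeds the 1 Gbps link in any one second. The pass-through rule is a simplified assumption, not Cloudflare's actual cache logic, and the log records and function names are constructed for illustration.

```python
import re

LINK_BPS = 1_000_000_000  # the 1 Gbps origin link discussed in the thread

# Constructed sample records:
# (second, method, path, request_bytes, response Cache-Control header)
SAMPLE = [
    (0, "GET",  "/static/app.js",      400, "public, max-age=86400"),
    (0, "GET",  "/img/logo.png",       380, "public, s-maxage=3600"),
    (0, "POST", "/api/upload",  90_000_000, "no-store"),
    (0, "POST", "/api/upload",  60_000_000, "no-store"),
    (1, "GET",  "/account",            450, "private, max-age=60"),
    (1, "GET",  "/search?q=a",         420, ""),
    (1, "GET",  "/static/app.js",      400, "public, max-age=86400"),
]

def reaches_origin(method, cache_control):
    """Assumed model: non-GET/HEAD always passes through; GET/HEAD passes
    through unless the response allows shared caching with a lifetime > 0.
    (The first fetch of a cacheable object is ignored for simplicity.)"""
    if method not in ("GET", "HEAD"):
        return True
    directives = {d.strip().lower() for d in cache_control.split(",") if d.strip()}
    if directives & {"no-store", "no-cache", "private"}:
        return True
    for d in directives:
        m = re.fullmatch(r"(s-maxage|max-age)=(\d+)", d)
        if m and int(m.group(2)) > 0:
            return False
    return True  # no usable lifetime: treat as uncached

def origin_inbound_by_second(records):
    """Sum request bytes per second for requests that reach the origin."""
    totals = {}
    for sec, method, _path, req_bytes, cc in records:
        if reaches_origin(method, cc):
            totals[sec] = totals.get(sec, 0) + req_bytes
    return totals

def seconds_over_link(records, link_bps=LINK_BPS):
    """Seconds in which pass-through inbound traffic exceeds the link."""
    inbound = origin_inbound_by_second(records)
    return sorted(s for s, b in inbound.items() if b * 8 > link_bps)

if __name__ == "__main__":
    print(origin_inbound_by_second(SAMPLE))
    print("seconds over link:", seconds_over_link(SAMPLE))
```

In the sample, the two uncached POST uploads in second 0 add up to 1.2 Gbps inbound, more than the origin link can carry, while the cacheable GETs contribute nothing.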

